Self copying at the running state

I am trying to create a self-copy or move while the program is running, but I don't have any idea how to achieve this without getting access denied because of the running state, or without using MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which will only act after the reboot.

#include <windows.h>
#include <tchar.h>
#include <iostream>
#include <string>

int _tmain(int argc, _TCHAR* argv[]){
	WCHAR szFilepath[MAX_PATH];
	std::wstring wFilepath;
	std::wstring wFilename;
	std::wstring wDestpath;

	/* Get the current executable's full path */
	wFilepath = std::wstring(szFilepath, GetModuleFileNameW(NULL, szFilepath, MAX_PATH));
	std::wcout << L"filepath: " << wFilepath << std::endl;

	/* Extract just the name */
	wFilename = wFilepath.substr(wFilepath.find_last_of(L"\\/") + 1);
	std::wcout << L"filename: " << wFilename << std::endl;

	/* Set the destination folder path and file name */
	wDestpath = L"D:\\" + wFilename;
	std::wcout << L"dest path: " << wDestpath << std::endl;

	/* Copy the running executable to the destination path */

	if (!CopyFileW(wFilepath.c_str(), wDestpath.c_str(), FALSE)) {
		std::wcout << L"couldnt copy the file";
	}
	else {
		std::wcout << L"copied";
	}
	return 0;
}

You could code it to kill the program for a split second in order to replicate it and re-engage it. Or suspend it.

At the code level, how can I do it? I am so confused.

Can you spawn another process, end your current one, and have the other process move the file? Or could you just copy yourself from memory onto the filesystem in another location?

I got the last tactic, but I want a somewhat stealthier technique. How can I do the first one at the code level?

I am not much of a Windows programmer, unfortunately. You can look at the MSDN documentation and see if there is either a version of, or a parameter in, CreateProcess that might be of use to you. I suggest writing a new executable file somewhere with code to delete your current executable, then using CreateProcess or some variant of it to launch that executable. The other executable should wait 1 or 2 seconds, then delete your current file and move it somewhere else. That wait would be the time for your current process to exit after starting the other one.

I see. This piece of code, I am using it for malware research programming, but I don't know if malware writers use

copy itself. I mean, when I download malware, this one searches for network drives and copies to D: and K:, keeping the original file where it was set up as storage, let's guess APPDATA, or just encrypts all drives including local, and uses x exploit to jump to another victim.

If your target is to spread malware then you could try running a function continuously which looks for the device to spread to, or whatever you're trying to do, and keep the rest of it as payload.
It is a little more on the heavier side but gets the work done!!

Or better, detect an external device connected event and do stuff based on that. Async ftw
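
Seen from the detection side, the copy made by the code posted at the top of this thread leaves a file-creation event whose target carries the same file name as the writing process's own image. The following is an added example, not part of any post in this thread, that triages such events; the event records are constructed and their field names are simplified assumptions modelled on Sysmon FileCreate (Event ID 11).

```python
from collections import defaultdict
from ntpath import basename, normcase, splitdrive

# Constructed FileCreate records; pids, paths and field names are sample data.
SAMPLE_EVENTS = [
    {"pid": 4112, "image": r"C:\Users\lab\AppData\Roaming\sample.exe",
     "target": r"D:\sample.exe"},
    {"pid": 4112, "image": r"C:\Users\lab\AppData\Roaming\sample.exe",
     "target": r"K:\sample.exe"},
    {"pid": 4112, "image": r"C:\Users\lab\AppData\Roaming\sample.exe",
     "target": r"C:\Users\lab\AppData\Local\Temp\log.txt"},
    {"pid": 980, "image": r"C:\Program Files\Editor\editor.exe",
     "target": r"C:\Users\lab\Documents\notes.txt"},
    {"pid": 2200, "image": r"C:\Tools\Setup.EXE",
     "target": r"C:\Tools\backup\setup.exe"},
]

def find_self_copies(events):
    """Group events where a process creates a file named like its own image."""
    hits = defaultdict(list)
    for ev in events:
        image, target = normcase(ev["image"]), normcase(ev["target"])
        if image == target:
            continue  # same path, so not a copy
        if basename(image) == basename(target):  # case-insensitive after normcase
            hits[(ev["pid"], ev["image"])].append(ev["target"])
    return dict(hits)

def score(image, targets):
    """Copies landing on other drives, or on several of them, rank higher."""
    src_drive = splitdrive(normcase(image))[0]
    other_drives = {splitdrive(normcase(t))[0] for t in targets} - {src_drive}
    if len(other_drives) >= 2:
        return "high"
    return "medium" if other_drives else "low"

def triage(events):
    """Return {(pid, image): severity} for every process that copied itself."""
    return {key: score(key[1], targets)
            for key, targets in find_self_copies(events).items()}

if __name__ == "__main__":
    for (pid, image), level in triage(SAMPLE_EVENTS).items():
        print(f"{level:6} pid={pid} image={image}")
```

Name matching misses copies written under a different file name, so in practice it is paired with a hash comparison between the image and the created file.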
